[Mimedefang] sendmail spf milter plugin for sendmail 8.13.0
David F. Skoll
dfs at roaringpenguin.com
Wed Aug 18 09:35:12 EDT 2004
On Wed, 18 Aug 2004 WBrown at e1b.org wrote:
> But wouldn't this require access to an account on the domain you are going
> to claim the email is from?
Yes, but it's easy enough to get a throwaway Yahoo account.
> If I want a message signed by Citibank, I would need access to send a
> message from their server. I don't have that and I'll bet most
> spammers/phishers don't either.
That's true. So as an anti-phishing measure, DomainKeys might have
some merit. That is, until phishers register domains like
"citi-bank.com" (oops, someone already has!) or "citionline.com"
(oops, that one's gone too!) that will certainly be enough to fool a
lot of people.
The other thing I've seen is a From: line like this:
From: "someone at citibank.com" <real-phisher-address at cracker.net>
Guess what most e-mail clients show in the "From" column? Guess which
address DomainKeys will check?
Regards,
David.
More information about the MIMEDefang
mailing list